Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Hive JDBC Connection string with KNOX and Kerberos

Labels:
avatar
author-rank mliem
Expert Contributor

Created ‎09-28-2016 04:26 PM

Hello,

I am trying to connect to hive server JDBC through knox that has kerberos authentication. I was able to connect through knox but after enabling kerberos im having some issues.

Prior to kerberos this worked:

jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive

connecting directly without knox:

!connect jdbc:hive2://<hiveserver_hist>:10001/default;principal=hive/_HOST@REALM.COM;transportMode=http;httpPath=cliservice

I've tried many different jdbc connection string combinations with no success. Is the principal=hive/_HOST@REALM.COM required?

Last i tried was:

jdbc:hive2://<knox_host>:8443/;ssl=false;httpPath=gateway/default/hive;transportMode=http;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox

Which gave me:

org.apache.thrift.transport.TTransportException: org.apache.http.NoHttpResponseException: ec2-54-85-108-57.compute-1.amazonaws.com:8443 failed to respond
12,835 Views
0 Kudos
6 REPLIES 6

avatar
author-rank skothari author-rank
Contributor

Created ‎09-28-2016 06:11 PM

Matt, try this:

jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/var/lib/knox/data/security/keystores/gateway.jks;trustStorePassword=<master_secret>;transportMode=http;httpPath=gateway/default/hive

7,279 Views
0 Kudos

avatar
author-rank mliem
Expert Contributor

Created ‎09-28-2016 06:24 PM

@skothari

Getting the below:

16/09/28 18:23:43 [main]: ERROR jdbc.HiveConnection: Error opening session

org.apache.thrift.transport.TTransportException: HTTP Response code: 401

at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:262)

at org.apache.thrift.transport.THttpClient.flush(THttpClient.java:313)

at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73)

at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62)

at org.apache.hive.service.cli.thrift.TCLIService$Client.send_OpenSession(TCLIService.java:154)

at org.apache.hive.service.cli.thrift.TCLIService$Client.OpenSession(TCLIService.java:146)

at org.apache.hive.jdbc.HiveConnection.openSession(HiveConnection.java:552)

at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:170)

at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)

at java.sql.DriverManager.getConnection(DriverManager.java:571)

at java.sql.DriverManager.getConnection(DriverManager.java:187)

at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:146)

at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:211)

at org.apache.hive.beeline.Commands.connect(Commands.java:1190)

at org.apache.hive.beeline.Commands.connect(Commands.java:1086)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52)

at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:989)

at org.apache.hive.beeline.BeeLine.execute(BeeLine.java:832)

at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:790)

at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:490)

at org.apache.hive.beeline.BeeLine.main(BeeLine.java:473)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.apache.hadoop.util.RunJar.run(RunJar.java:233)

at org.apache.hadoop.util.RunJar.main(RunJar.java:148) HTTP Response code: 401 (state=08S01,code=0)

7,279 Views
0 Kudos

avatar
author-rank skothari author-rank
Contributor

Created ‎09-28-2016 06:28 PM

401 is authentication issue. Can you pls check whether the credentials are correct or not?

7,279 Views
0 Kudos

avatar
author-rank mliem
Expert Contributor

Created ‎09-28-2016 07:20 PM

they are - i use the same credentials for the UI's that go through knox gateway, also in knoxgateway log i see: 2016-09-28 19:19:06,039 INFO hadoop.gateway (AclsAuthorizationFilter.java:doFilter(85)) - Access Granted: true

7,279 Views
0 Kudos

avatar
author-rank JLo_Hernandez
Expert Contributor

Created ‎01-26-2018 11:35 PM

Any luck on this? I am also having error 401 and credentials are fine as well.

7,279 Views
0 Kudos

avatar
author-rank gul_shad author-rank
Expert Contributor

Created ‎08-20-2018 09:41 AM

You can refer below link. It will help in troubleshooting Knox issues.

https://community.hortonworks.com/articles/113013/how-to-troubleshoot-and-application-behind-apache....

7,279 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Operational Database supports Security-Enhanced Lin...
What's New @ Cloudera
Cloudera Operational Database supports creating AWS Graviton...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.15 for Cloudera 7....
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
View More Announcements